Introduction

This post explains how to set up a development box with Intel SGX on a Vultr bare metal server, but the same principle applies to any other Supermicro server that has a supported CPU.

Setup

Assuming you have an account with Vultr, provision a bare metal machine with Ubuntu 20.04. Once the machine has been provisioned, open the web console and press the top-right button, Send CtrlAltDel, then keep pressing DEL until you reach the BIOS and see the following screen:

[Image: BIOS_Setup]

Then go to the following menu: Advanced -> Chipset Configuration, and enable SW Guard Extensions (SGX), which is disabled by default:

[Image: BIOS_Enabled]

Save and reset. Once SGX is enabled in the BIOS settings, the system is ready for Intel SGX driver installation. The full guide provided by Intel can be found here.

Commands to follow:

  1. Download the driver:

     wget https://download.01.org/intel-sgx/sgx-linux/2.12/distro/ubuntu20.04-server/sgx_linux_x64_driver_2.11.0_4505f07.bin

  2. Download the SDK:

     wget https://download.01.org/intel-sgx/sgx-linux/2.12/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.12.100.3.bin

  3. Set the executable bit:

     chmod +x *.bin

  4. Add Intel’s Ubuntu repository:

     echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list
     wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -

  5. Install the driver:

     ./sgx_linux_x64_driver_2.11.0_4505f07.bin
     reboot

  6. After the reboot, install the required packages:

     apt update
     apt install -y libssl-dev libcurl4-openssl-dev libprotobuf-dev build-essential dkms libsgx-epid libsgx-urts libsgx-quote-ex python-is-python3

  7. Install the Intel SDK to /opt/intel/sgxsdk:

     ./sgx_linux_x64_sdk_2.12.100.3.bin
     # When prompted, choose "no" to the current directory and specify /opt/intel (this will create /opt/intel/sgxsdk)
     source /opt/intel/sgxsdk/environment

  8. Check that the SGX device is present on the system:

     ~$ ls -l /dev/isgx
     crw-rw-rw- 1 root root 10, 58 Dec  8 16:56 /dev/isgx

At this point the system is ready for Intel SGX development. Optionally, you can install Docker and start developing with Apache Teaclave.

  1. Install Docker:

     curl -fsSL https://get.docker.com -o get-docker.sh
     chmod +x ./get-docker.sh
     ./get-docker.sh

  2. For the Rust SDK, use the following image:

     docker run --rm -it --device /dev/isgx baiduxlab/sgx-rust:latest bash
     # The remaining commands run inside the container
     git clone https://github.com/apache/incubator-teaclave-sgx-sdk
     cd incubator-teaclave-sgx-sdk/samplecode/hello-rust
     make

  3. Run the sample application:

     cd bin
     $~/incubator-teaclave-sgx-sdk/samplecode/hello-rust/bin# ./app
     [+] Init Enclave Successful 2!
     This is a normal world string passed into Enclave!
     This is a in-Enclave Rust string!
     [+] say_something success...
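
The /dev/isgx check in the driver steps and the --device /dev/isgx flag passed to docker run both assume the out-of-tree driver installed in this post. The script below is an added example, not part of the original post: it detects which SGX device node is exposed, prints the matching --device flags, and reports whether the node is world-writable as in the listing above. The DCAP and in-kernel device paths and the root-prefix argument are assumptions that go beyond what the post uses.

```sh
#!/bin/sh
# Added example, not from the original post. Device nodes by driver:
#   /dev/isgx                             out-of-tree driver (installed above)
#   /dev/sgx/enclave, /dev/sgx/provision  out-of-tree DCAP driver (not used in the post)
#   /dev/sgx_enclave, /dev/sgx_provision  in-kernel driver, Linux 5.11+ (not used in the post)
# The first argument of each function is a hypothetical root prefix so the
# checks can be pointed at a test directory; pass "" on a real host.

# Print the driver interface found under the prefix: isgx|dcap|in-kernel|none
sgx_driver_kind() {
    if   [ -e "$1/dev/isgx" ];        then echo isgx
    elif [ -e "$1/dev/sgx/enclave" ]; then echo dcap
    elif [ -e "$1/dev/sgx_enclave" ]; then echo in-kernel
    else echo none
    fi
}

# Print the --device flags "docker run" needs for the detected driver.
# Returns 1 and prints nothing when no SGX device node is present.
sgx_docker_flags() {
    case "$(sgx_driver_kind "$1")" in
        isgx)      echo "--device /dev/isgx" ;;
        dcap)      echo "--device /dev/sgx/enclave --device /dev/sgx/provision" ;;
        in-kernel) echo "--device /dev/sgx_enclave --device /dev/sgx_provision" ;;
        *)         return 1 ;;
    esac
}

# Succeed if the node is world-writable: the 9th character of the mode
# string (e.g. "crw-rw-rw-") is "w", so any local user can open it.
sgx_world_writable() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c9)" = "w" ]
}

# Summarise the host under the given prefix; always returns 0.
sgx_report() {
    kind=$(sgx_driver_kind "$1")
    echo "SGX driver interface: $kind"
    flags=$(sgx_docker_flags "$1") || { echo "no SGX device node found"; return 0; }
    echo "docker flags: $flags"
    node="$1$(echo "$flags" | cut -d' ' -f2)"
    if sgx_world_writable "$node"; then echo "$node is world-writable"; fi
    return 0
}

sgx_report ""
```

On the machine built in this post the report should name the isgx interface, and the printed flags match the docker run command used for the Rust SDK image.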

For more information, see the Teaclave docs.